ip 功能说明: 网络配置工具 ip命令是iproute软件包中的一个强大的网络配置工具,用于显示或管理Linux系统的路由、网络设备、策略路由和隧道。 CentOS7开始推广ip命令,用于替代传统的ifconfig和route命令 语法格式: ip [选项] [网络对象] [操作命令] 参数选项 -s 输出更详细的信息,为了显示更详细的信息,可重复使用此选项 -r 显示主机时,不使用IP地址,而是使用主机的域名 网络对象 指定要管理的网络对象,支持的网络对象如下: link 网络设备 address 设备的协议地址(IP地址) addrlabel 协议地基标签管理 neighbour arp或ndisc缓存表 roue 路由表 rule 策略路由表 maddress 多播地址 mroute 多播路由缓存表 tunnel IP隧道 xfrm IPsec协议框架 这里有一个有趣的用法,比如 ip address 可以简写为 ip addr 或者最简化 ip a,它们的效果是一样的,其他对象也是如此 操作命令 对指定的网络对象完成的具体操作。通常,每一个具体操作的命令后面又有一组相关的命令选项。 不同的操作对象所支持的操作命令也不同。下面按照操作的网络对象给出所支持的常见操作命令。 link 对象支持的操作命令:set(修改设备属性)、show(显示设备属性); address 对象支持的操作命令:add(添加协议地址)、del(测除协议地址)、flush(清除协议地址)、show(查看协议地址); addrlabel 对象支持的操作命令:add、del、list、flush; neighbour 对象支持的操作命令:add、change、replace、delete、show、flush; route 对象支持的操作命令:add,change、replace、delete、show、flush、get; rule 对象支持的操作命今:add、delete、flush、show; maddress 对象支持的操作命令:show、add、delete; mroute 对象支持的操作命令:show; tunnel 对象支持的操作命令:add、change、delete,prl、show; xfrm 对象支持的操作命令:state、policy、monitor。 说明: 1)show命令用于显示指定设备的信息,加果后面不接设备名,剩会显示所有设备的信息。例如ip a和ip a show的结果是一样的。 2)操作命令也可以简写,比如ip a show 可以简写为ip a s 范例:显示网络设备属性 [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip -s link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 828 12 0 0 0 0 [root@cs6 ~]# ip -s -s link show dev eth1 # 使用两个s显示更详细的属性 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 RX errors: length crc frame fifo missed 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 828 12 0 0 0 0 TX errors: aborted fifo window heartbeat 0 0 0 0 范例:关闭和激活设备 [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip link set eth1 down [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff 范例:修改MAC地址 [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:8c:6a:0e brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip link set eth1 address 0:0c:29:13:10:11 #<=修改MAC地址 [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff 范例:查看网卡信息 [root@cs6 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff inet 10.0.0.100/24 brd 10.0.0.255 scope global eth0 inet6 fe80::20c:29ff:fe8c:6a04/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 [root@cs6 ~]# ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:8c:6a:04 brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff 范例:添加或删除IP地址 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 [root@cs6 ~]# ip link set eth1 up [root@cs6 ~]# ip link show dev eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff [root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1 # 可以添加多个IP地址,这种称为辅助IP,前面ifconfig 命令创建的为别名称IP.现在采用的高可用软件诶heartbeat 、keepalive都采用了辅助IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 brd 172.16.1.255 scope global eth1 inet 172.16.1.13/24 scope global secondary eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever [root@cs6 ~]# ip a del 172.16.1.100/24 dev eth1 # 删除主IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever #IP地址全部被删除 [root@cs6 ~]# ip a add 172.16.1.100/24 dev eth1 [root@cs6 ~]# ip a add 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a del 172.16.1.13/24 dev eth1 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever 说明: 删除网卡的主IP地址,同时会删除该网卡的所有IP地址。 删除网卡的辅助IP地址,不会影响该网卡的其他IP地址。 范例:使用ip命令创建别名IP [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever 使用label选项创建别名IP [root@cs6 ~]# ip a add 10.0.0.29/32 dev eth1 label eth1:1 [root@cs6 ~]# ip a show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:13:10:11 brd ff:ff:ff:ff:ff:ff inet 172.16.1.100/24 scope global eth1 inet 10.0.0.29/32 scope global eth1:1 inet6 fe80::20c:29ff:fe13:1011/64 scope link valid_lft forever preferred_lft forever [root@cs6 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:8C:6A:04 inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe8c:6a04/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2876 errors:0 dropped:0 overruns:0 frame:0 TX packets:1835 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:266051 (259.8 KiB) TX bytes:198053 (193.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11 inet addr:172.16.1.100 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe13:1011/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:1296 (1.2 KiB) eth1:1 Link encap:Ethernet HWaddr 00:0C:29:13:10:11 inet addr:10.0.0.29 Bcast:0.0.0.0 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) 备注:使用ifconfig命令创建的别名IP,ip命令能够查询到; 相反,通过ip命今创建的辅助IP,ifconfig命令则查询不了,除非使用ip命令的label功能创建别名IP。 范例:查看路由表 [root@cs6 ~]# ip route 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0 [root@cs6 ~]# ip route|column -t 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0 #<==使用column命令格式化,选项-t,默认根据空格分隔判断输入行的到数来创建一个表。 [root@cs6 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0 添加静态路由 [root@cs6 ~]# ip route add 10.1.0.0/24 via 10.0.0.253 dev eth0 [root@cs6 ~]# ip route |column -t 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.100 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.100 10.1.0.0/24 via 10.0.0.253 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.0.0.2 dev eth0 范例:查看ARP缓存 [root@cs6 ~]# ip neighbour 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE 10.0.0.99 dev eth0 FAILED 范例:添加或删除静态ARP项 [root@cs6 ~]# ip neighbour add 192.168.1.100 lladdr 00:50:56:f4:fb:55 dev eth0 [root@cs6 ~]# ip neighbour 192.168.1.100 dev eth0 lladdr 00:50:56:f4:fb:55 PERMANENT 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.99 dev eth0 FAILED 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE [root@cs6 ~]# ip neighbour del 192.168.1.100 dev eth0 [root@cs6 ~]# ip neighbour 192.168.1.100 dev eth0 FAILED 10.0.0.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE 10.0.0.99 dev eth0 FAILED 10.0.0.2 dev eth0 lladdr 00:50:56:f4:fb:52 STALE